Critical State-Based Filtering System for Securing SCADA Network Protocols

The security of Supervisory Control and Data Acquisition (SCADA) systems is one of the most pressing subjects in industrial systems, particularly for installations that actively use public networks in order to provide new features and services. In this paper, we present an innovative approach to the design of filtering systems based on the state analysis of the system being monitored. The aim is to detect attacks composed of a set of SCADA commands that, while legitimate when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed firewall detects these complex attacks by maintaining an internal representation of the controlled SCADA system. Furthermore, we detail the design of the firewall architecture for systems that use the Modbus and DNP3 protocols, and the implementation of a prototype, providing experimental comparative results that confirm the validity of the proposed approach.
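The following Python example illustrates the idea described in the abstract: a filter that decodes Modbus/TCP single-write requests, keeps a mirror of the controlled process, and drops a syntactically valid write when the state it would produce is on a list of critical states. It is an added example, not code from the paper or its prototype; the Modbus/TCP framing follows the public specification, but the plant map (two valve coils and a pump-speed holding register), the two critical-state rules, the `CriticalStateFilter` class and all sample frames are assumptions constructed for this example.

```python
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Modbus/TCP ADU: MBAP header (transaction id, protocol id, length, unit id) followed by the PDU.
MBAP = struct.Struct(">HHHB")
WRITE_SINGLE_COIL = 0x05
WRITE_SINGLE_REGISTER = 0x06

# Hypothetical plant map (assumed for this example, not taken from the paper):
INLET_VALVE = 0    # coil 0: True = open
OUTLET_VALVE = 1   # coil 1: True = open
PUMP_SPEED = 0     # holding register 0: rpm, 0 = stopped


@dataclass
class WriteRequest:
    unit: int
    function: int
    address: int
    value: int


def parse_modbus_tcp(frame: bytes) -> WriteRequest:
    """Per-packet (stateless) check: decode a single-write request and reject malformed frames."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("truncated MBAP header")
    tid, pid, length, unit = MBAP.unpack_from(frame, 0)
    pdu = frame[MBAP.size:]
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(pdu) + 1:  # MBAP length counts the unit id plus the PDU
        raise ValueError("MBAP length does not match payload")
    function = pdu[0]
    if function not in (WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER) or len(pdu) != 5:
        raise ValueError(f"function 0x{function:02x} / PDU length {len(pdu)} not handled here")
    address, value = struct.unpack(">HH", pdu[1:5])
    if function == WRITE_SINGLE_COIL and value not in (0x0000, 0xFF00):
        raise ValueError("coil value must be 0x0000 or 0xFF00")
    return WriteRequest(unit, function, address, value)


def build_write(tid: int, unit: int, function: int, address: int, value: int) -> bytes:
    """Encode a single-write request (used only to construct the sample traffic below)."""
    pdu = struct.pack(">BHH", function, address, value)
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


@dataclass
class PlantState:
    """The firewall's internal representation of the process: coil and holding-register values."""
    coils: Dict[int, bool] = field(default_factory=dict)
    registers: Dict[int, int] = field(default_factory=dict)

    def after(self, req: WriteRequest) -> "PlantState":
        """State the plant would be in if this write were forwarded and executed."""
        nxt = PlantState(dict(self.coils), dict(self.registers))
        if req.function == WRITE_SINGLE_COIL:
            nxt.coils[req.address] = req.value == 0xFF00
        else:
            nxt.registers[req.address] = req.value
        return nxt


# Critical states: value combinations the process must never reach (assumed example rules).
CRITICAL_STATES: List[Tuple[str, Callable[[PlantState], bool]]] = [
    ("pump running against closed inlet",
     lambda s: s.registers.get(PUMP_SPEED, 0) > 0 and not s.coils.get(INLET_VALVE, False)),
    ("pump running against closed outlet",
     lambda s: s.registers.get(PUMP_SPEED, 0) > 0 and not s.coils.get(OUTLET_VALVE, False)),
]


class CriticalStateFilter:
    def __init__(self, initial: PlantState) -> None:
        self.state = initial

    def inspect(self, frame: bytes) -> Tuple[str, Optional[str]]:
        """Return ("FORWARD", None) or ("DROP", rule_name) for one Modbus/TCP write request."""
        req = parse_modbus_tcp(frame)          # syntactic checks first; raises on malformed input
        candidate = self.state.after(req)
        for name, predicate in CRITICAL_STATES:
            if predicate(candidate):
                return "DROP", name            # valid packet, forbidden transition
        self.state = candidate                 # assumes the PLC executes what was forwarded
        return "FORWARD", None


def run_scenario() -> List[Tuple[str, Optional[str]]]:
    """Constructed traffic: every frame is valid Modbus; only the second is dangerous in context."""
    initial = PlantState(coils={INLET_VALVE: True, OUTLET_VALVE: True}, registers={PUMP_SPEED: 0})
    fw = CriticalStateFilter(initial)
    frames = [
        build_write(1, 1, WRITE_SINGLE_REGISTER, PUMP_SPEED, 1200),  # start pump
        build_write(2, 1, WRITE_SINGLE_COIL, INLET_VALVE, 0x0000),   # close inlet while pumping
        build_write(3, 1, WRITE_SINGLE_REGISTER, PUMP_SPEED, 0),     # stop pump
        build_write(4, 1, WRITE_SINGLE_COIL, INLET_VALVE, 0x0000),   # same close, now harmless
    ]
    return [fw.inspect(f) for f in frames]


if __name__ == "__main__":
    for step, verdict in enumerate(run_scenario(), 1):
        print(step, *verdict)
```

The second and fourth frames are byte-for-byte identical apart from the transaction id; a stateless packet filter or signature IDS has no basis to treat them differently, while the state-based filter drops the first and forwards the second because only the former would drive the mirrored plant into a critical state. The mirror is only as good as the traffic the filter sees: writes that bypass it, or values the PLC changes on its own, desynchronise it, so a deployment of this kind needs a way to resynchronise the internal representation (for instance by periodically reading the real coil and register values) before trusting its verdicts.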
